ID CVE-2016-9813
Summary The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
References
Vulnerable Configurations
  • cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1401934
title CVE-2016-9813 gstreamer-plugins-bad-free: NULL pointer dereference in mpegts parser
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment gstreamer1-plugins-bad-free is earlier than 0:1.4.5-6.el7_3
        oval oval:com.redhat.rhsa:tst:20170021005
      • comment gstreamer1-plugins-bad-free is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20170021006
    • AND
      • comment gstreamer1-plugins-bad-free-devel is earlier than 0:1.4.5-6.el7_3
        oval oval:com.redhat.rhsa:tst:20170021007
      • comment gstreamer1-plugins-bad-free-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20170021008
rhsa
id RHSA-2017:0021
released 2017-01-05
severity Moderate
title RHSA-2017:0021: gstreamer1-plugins-bad-free security update (Moderate)
rpms
  • gstreamer1-plugins-bad-free-0:1.4.5-6.el7_3
  • gstreamer1-plugins-bad-free-devel-0:1.4.5-6.el7_3
refmap via4
bid 95158
confirm
debian DSA-3818
exploit-db 42162
gentoo GLSA-201705-10
mlist
  • [oss-security] 20161201 gstreamer multiple issues
  • [oss-security] 20161204 Re: gstreamer multiple issues
Last major update 05-01-2018 - 02:31
Published 13-01-2017 - 16:59
Back to Top